When running the Supervisor Assist java app a errors popup window shows error "Unable to connect to Supervisor Assist server. Application will now close."
In the java console log the following exceptions are seen...
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
The Application is trying to connect to the Supervisor Assist server in secure mode, but the apps Java Runtime Environment (JRE) doesn't trust the certificate on FAS. This may be because it's using the default self-signed certificate or and or invalid one has been configured.
The JRE doesn't share a trust store with the browsers, so although you can temporarily accept a certificate in the browser, the JRE still doesn't trust it. This means that the browser will happily download the JNLP app once the temporarily certificate exception is accepted, however the JNLP app will expect a valid certificate from the server and won't connect without one.
There are two options:
1. Obtain a valid CA signed certificate
Then re-run the configure script supplying that cert (both private & public portions) - This is the best option, but not common for test environments
2. Connect over HTTP
This is not a good option for a production install, but can be convenient for demo or test environments. To change the admin settings to allow insecure access:
- Log in as an administrator (default: admin / pwd)
- Go to 'Administer'
- Change 'Allow Insecure Access' to 'True' (The insecure mode of operation was added to allow SA to be used without a real cert.)
- Click 'Save'
- Click the 'Home' icon at the top-right of the page
- Add a security exception to the Java configuration for http://[SA Address]:8443
- Re-download JNLP desktop app (may need to log in as a different user, depending on setup)